If you already have a .csv configuration file from your YubiKey
provider, you can skip this section. You can create a .csv configuration file
that contains the YubiKey token key material if you do not have one from your YubiKey provider.
Yubico OTP is the only supported Yubico format.
About this task
Note: As described in the YubiKey documentation, the Yubico OTP generated by the Yubikey token
represents a single authentication method. It is recommended that you use Yubico OTP with another authentication method.
To prepare the Yubico OTP token, complete the following steps:
Procedure
-
Download and install the YubiKey Personalization Tool from the Yubico website https://www.yubico.com/.
-
Insert the Yubikey token in a USB slot on a Windows system.
-
Run the YubiKey Personalization Tool.
-
Select the Settings tab.
-
In the Log configuration output control, select Yubico
format. This is the only supported format.
-
Select the Yubico OTP tab.
-
Click Quick.
-
Select Configuration Slot 2.
Note: You can use either slot 1 or 2 with IBM® MFA. However, slot 2 is recommended
because it requires a long press, making it less likely that the Yubikey is
accidentally triggered.

-
Click Write Configuration.
The configuration information is stored in a format similar to the following
example:
7699966,tvhcjlhgucln,ba29fe0f63b4,3ae7fa1cd82885153a2ae8dea864a22b,
000000000000,2018-08-23T16:06:21,
where the first field is the serial number of the Yubikey token and the key material
follows.
-
Save the configuration file (.csv file) to a secure location of your
choice that is accessible to the IBM MFA server system.
Important: The configuration .csv file contains important key
material. Save the file only in a secure location. A malicious actor could attempt to use the key
material to gain system access.